We recently came across a PHP hardener called Suhosin (http://www.hardened-php.net/suhosin/) on one of our PROD servers: we installed In-Portal on a web server with the Suhosin module installed.
Briefly, what it does:
"Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against buffer overflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections."
...
On the production server we experienced an issue with the memory limit: we set the memory limit to 50M at the beginning of the script and then try to change it to unlimited (value -1) for image resizing in the ImageHelper class. However, it is still being set to 50M. Below is the test case from that server:
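```php
<?php
// Show all errors so a refused ini_set() call is not hidden.
ini_set('display_errors', 1);
error_reporting(E_ALL);

// Ceiling configured for Suhosin in php.ini.
echo 'suhosin.memory_limit = ' . ini_get('suhosin.memory_limit') . '<br/>';

// Default limit set at the beginning of the script.
ini_set('memory_limit', '50M');
// Later attempt to lift the limit (-1 = unlimited) for image resizing.
ini_set('memory_limit', -1);

// Limit that is actually in effect after both calls.
echo 'ML: memory_limit = ' . ini_get('memory_limit') . '<br/>';
```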
In general, Suhosin only allows the memory limit to be set to what it has in its own settings. In particular, the Suhosin module limits the memory that a PHP script can use. This way, setting -1 (unlimited) would in fact set the memory limit from the suhosin.memory_limit setting of the php.ini file.
I believe we should change our default 50M memory limit in init/core/kernel/startup.php to be set to 128M. Additionally, we have another discussion, Moving "Memory Limit" to Config.php, where we want to have the ability to set a custom memory limit from the template.
...
What are your thoughts on this?
...
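One way for a script to check which limit is really in effect after asking for -1, rather than assuming the change took hold, shown as an added example (not In-Portal or Suhosin code). The function names `iniBytes` and `raiseMemoryLimit` are hypothetical, and falling back to the `suhosin.memory_limit` value is an assumption based on the behaviour described above.

```php
<?php
// Added example, not In-Portal code; function names are hypothetical.

/** Convert php.ini shorthand ("50M", "1G", "-1") to bytes; -1 means unlimited. */
function iniBytes(string $value): int
{
    $value  = trim($value);
    $number = (int) $value;                 // "50M" -> 50, "-1" -> -1
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024;          // intentional fall-through
        case 'M': $number *= 1024;
        case 'K': $number *= 1024;
    }
    return $number;
}

/**
 * Request a new memory_limit, then read it back to see what was applied.
 * If the request was not honoured, move up to the Suhosin ceiling instead
 * (assumption: suhosin.memory_limit holds the highest value a script may set).
 * Returns the limit that is actually in effect.
 */
function raiseMemoryLimit(string $wanted): string
{
    ini_set('memory_limit', $wanted);
    $current = iniBytes((string) ini_get('memory_limit'));
    if ($current === iniBytes($wanted)) {
        return $wanted;                     // request honoured
    }
    // ini_get() returns false when the Suhosin extension is not loaded.
    $ceiling = ini_get('suhosin.memory_limit');
    if ($ceiling !== false && $current !== -1 && iniBytes($ceiling) > $current) {
        ini_set('memory_limit', $ceiling);
    }
    return (string) ini_get('memory_limit');
}

// Same sequence as the test case above: 50M first, then ask for unlimited.
ini_set('memory_limit', '50M');
$effective = raiseMemoryLimit('-1');
if (iniBytes($effective) !== -1) {
    // Log the refusal so an out-of-memory error during resizing can be traced.
    error_log("memory_limit -1 was not applied; running with $effective");
}
echo 'memory_limit in effect = ' . $effective . PHP_EOL;
```

Because the read-back compares byte values, a refused change is detected whether the server reports the limit as `50M` or as a raw byte count.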